LDAP schema questions
Nicolas Williams
Nicolas.Williams at sun.com
Tue Jun 13 09:22:52 EDT 2006
On Wed, Jun 14, 2006 at 12:20:11AM +0530, Praveen Kumar Sahukar wrote:
> On Tue, 2006-06-13 at 22:13 +1000, Luke Howard wrote:
> > >Unless you require that there exist no more than a single principal
> > >per user object then you will have to lock and update multiple objects
> > >as part of the transaction.
> >
> > I would recommend that there be 1:1 mapping between a principal entry
> > in the directory and a principal in Kerberos.
>
> What about the directory user associated with more than one Kerberos
> Realm which results into more than one kerberos identity per directory
> user ?
The text you quoted from Luke says nothing about users...
Nico
--
More information about the krbdev
mailing list